Posted by michael on Tuesday December 28, 2004 @03:55PM
from the finger-in-the-dike dept.

teun writes "This morning the Dutch Telecom Authority, responsible for enforcing the anti-spam law in the Netherlands, announced their first two fines for Dutch spammers: 25,000 and 42,500 euros. These fines are based on the anti-spam law that became effective in May this year. Spamvrij.nl is very pleased with these results."

gollum123 writes "According to AOL, its subscribers are getting less spam this year. There has been a reduction in both the number of daily email messages to AOL (from 2.1 to 1.6 billion) and in the number of customer complaints about spam."

And finally, Saeed al-Sahaf writes "We hear so much about China being the source of spam. But a new study shows China and South Korea as distant second to the United States as the source of spam. Sophos, a leading anti-virus maker has released some findings, which claim that the good old US accounts for almost 42% of spam mails sent out this year, and they chalk it up to lack of security on most desktop computers."

"According to AOL, its subscribers are getting less spam this year."

Less subscribers = less spam! AOL has found a way to reduce it, for sure: reduce the number of customers through overpricing and degradation of services. This results in fewer inboxes: Viola! Less Spam!

I always type, and especially SAY "viola" because it sounds funnier. Using the wrong word also enhances the realization that the transformation implied is a false one...

Most people don't notice, those that do just think you're illiterate. You might think that people are laughing with you when you put underpants on your head at a party, but actually they're laughing at you.

Most people don't notice, those that do just think you're illiterate. You might think that people are laughing with you when you put underpants on your head at a party, but actually they're laughing at you.

Quite the contrary. I make sure to explain a fair number of my little jokes to those around me. Once properly conditioned, my associates think that every dumb thing I say is intentional. They think I am a comedic genius rather than an illeterate moron.

AOL keeps accounts around long after you leave the service, in the hopes you will one day come back and reactivate. I had an email address there I deleted years ago, only to reactivate it and find I had mail waiting (mostly spam!).

I remember when AOL first stopped rejecting e-mails from my server. I jumped through a bunch of hoops contacting them and trying to get off the blacklist, but in the end they said I would have to contact my ISP because they have me listed as a consumer IP. Great. Fortunately, neither I nor my family really e-mail anyone on AOL any more, so it isn't a problem. I've made my family and the one other user that uses my server aware of why they can't e-mail AOL

Well the US EPA has a few charts and graphs on their website, none of which provide the exact 25% figure, but do show we are the biggest polluter. Now one interesting graph though is http://yosemite.epa.gov/oar/globalwarming.nsf/content/emissionsindividual.html which shows that our emissions per capita haven't gone up much and interestingly enough our emissions per GDP have gone way down, which I assume means we are being much more efficient. I think we can eventually turn this efficiency into less emissions in

Definitely completely true, in general it probably happens a lot. You start with someone who leans left socially but is centralist economically, after being attacked constantly for their "liberal views" sees comfort in the friendship of other liberals who are more left leaning in their economics.

Ahh, remember that "Good News" show that was on TV in the mid 90's wow.. hhehe. Wonder what they would have said about the Iraq war, probably replayed that video of the Iraqi girl who got surgery here a thousand times already:)

Are spam crimes really being enforced correctly? Some [theregister.co.uk] would say no. Shouldn't government be focused on combating spam itself by catching each and every spammer, rather than making an example out of a few? It's the same as the RIAA and music; no one worries about getting caught because the odds are so low.

Until we have a centrally-implemented system that tracks every spammer by IP and reports them to ISPs, we won't be making any real progress.

And we're going to pay for that how? And what multinational corporation/government/multigovernment alliance is going to enforce it? A better solution would be to rework the Internet so that it's more costly/difficult to send anonymous, bulk email. A technological solution, not a governmental/corporate one.

Until we have a centrally-implemented system that tracks every spammer by IP and reports them to ISPs, we won't be making any real progress.

Do you believe tracking every spammer wouldn't imply tracking just about everybody and everything?

Thanks, I prefer to read my daily spam instead of turning the web into '84.

It's impossible to catch every spammer, but dragging some of them into court at least lowers the motivation of sending spam in general. If those numbers from AOL are right, then I think it's reasona

Yes, but from what I remember these spammers were not so much charged with spam as they were charged with fraud. Defrauding hundreds of people out of millions of dollars is going to get you a long time in the pokey.

The real problem is the companies which are willing to pay spammers to spam. When advertising your product via spam is illegal, spam will be a thing of the past. Yes, there would be joe-jobs, but our legal system is quite capable of dealing with that sort of thing. They manage to deal with that problem for all of our other criminal laws, to give you an example.

Outlawing advertising via spam would mean that the company which wants your money, and has to be accessible to take orders, would face fines and jail time for officers if they spammed. Soon, only the outright frauds would be willing to take that kind of risk, and even the idiots would eventually stop sending money to spammers who never actually sent penis enlargement pills.

Actually it works like this in most countries on the globe. It wouldn't make sense to assume that a company is guilty of sending spam if somebody received something advertising their services because you can't really prove that the guy having a rooted box somewhere in Europe, using a bunch of Back Orifice infected boxes in Korea (I didn't believe that it was still alive before I ran some random portscans myself) really sent the spam from those Korean zombies on behalf of given company. Assuming that the targ

You do realize that a large percentage of spam comes from compromised systems, whether it be someone's personal home computer hooked up to their DSL/Cable connection or a formmail CGI script sitting on a web site somewhere, right?

A centrally-implemented system that tracks every spammer by IP would do nothing but track everyone BUT the spammer.

As an example, my formmail honeypot gets hundreds of attempted attacks every week. If it was actually sending the spam, a c

but I really don't want any government organization that involved in anything related to the net

You are going to be worried. The net has outgrown its infancy and it is being monitored and policed by the government just like the real world. (Of course much of that is caused by abuse of the freedom.)

Does anybody know what 25,000 and 42,500 euros works out to in real cash? They can face millions of dollars and jail time here in the U.S., and I seem to recall a fax spammer getting a $5 million fine not too far back.

As long as they can rake in more cash than they pay out, fines are useless.

Yeah, but it's a rather unbalanced opinion piece. Sure, the guy's got a point that spammers are committing nothing more than an annoyance, but it's not necessarily the act of spamming that's being prosecuted for up to $1 billion total spread among four separate entities, it's the fraud and other associated charges that were part of the spamming scheme. These guys ain't saintly, that's for certain. They defraud credit card companies, ISPs, and their own customers to make a buck. To me, that's punishable

These were small companies, not mega-corporations that can pay a 5-million dollar fine and continue. Also, this is a fine, not a tax. They will of course have a big problem when they continue and get caught again.

As long as they can rake in more cash than they pay out, fines are useless.

I'm sure this is a problem, but it may also depend on the case and the specifics of how it was prosecuted. There doesn't seem to be enough information here to be sure.

Many countries' legal systems are designed so that money made from illegal activities is... well... illegal. The spammers might have been required to pay back any money that was made from spamming in addition to the fines, or it might have been included in

Add to that the problem of finding the spammer in the first place. I seem to recall that $5 mil fine (actually, think it was in the billion dollar range) was decided based on the fact that neither the defendant nor the defendant's lawyers showed up and judgement was automatically decided against them. Not much actual merit in a real case.

I bet non-US sources are probably still the biggest source if you count operations that are knowingly in the business of sending spam, and the majority of the US sources are from zombie armies of owned home computers.

My personal suspicion is that the people spending the money have *always* been distributed between the US and the rest of the world in roughly the same way. It's just a game of what's the best way to get your spam in people's mailboxes. It started out that the best way was open SMTP relays, then it changed to Chinese rackspace, now it's a constantly shifting collection of zombie machines because the Chinese rackspace is too blackholable and the open relays have been closed.

AOL reports a drop in spam because they falsely classify REAL messages as spam! Most network admins I know have had to deal with AOL at one time or another. They are pretty strict for a large ISP: they require valid rDNS records, last I checked, for one, and many times have my parents (stubborn AOL'ers) found legitimate mail in their spam folder.

In my company, one blocked false positive is considered a mortal sin. Reporting less spam doesn't mean you are great at blocking it, it might mean you're just too damn aggressive at fighting it.

Personally, I don't see any harm in AOL forcing you to adhere to standards. In fact, I love it. Most internet problems stem from people not adhering to standards, such as using IP addresses as MX records, not using a FQDN on an EHLO, or not listening to (550|450).

Despite AOL sucking donkey balls, they have contributed to making the internet a better place in some ways.
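The three failures named in the comment above (an IP address used as an MX target, a non-FQDN EHLO argument, and a sender that ignores 450/550 replies) can be checked mechanically. The sketch below is an added example, not part of the original thread; the function names, session fields and sample sessions are constructed for illustration, and treating an EHLO address literal as a finding is a strict-policy assumption.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_ip_literal(value):
    """True for a bare IPv4/IPv6 address or an SMTP address literal such as [192.0.2.25]."""
    candidate = value.strip().rstrip(".")
    if candidate.startswith("[") and candidate.endswith("]"):
        candidate = candidate[1:-1]
        if candidate.lower().startswith("ipv6:"):
            candidate = candidate[5:]
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def is_fqdn(name):
    """True if name is syntactically a fully qualified host name (two or more labels)."""
    name = name.strip().rstrip(".")
    if not name or len(name) > 253 or is_ip_literal(name):
        return False
    labels = name.split(".")
    well_formed = all(_LABEL.match(label) for label in labels)
    return len(labels) >= 2 and well_formed and not labels[-1].isdigit()


def check_mx_target(target):
    """MX RDATA is defined as a domain name, so an address there is a misconfiguration."""
    if is_ip_literal(target):
        return "mx-is-ip-address"
    return "ok" if is_fqdn(target) else "mx-not-fqdn"


def check_ehlo(argument):
    """Strict policy (assumption): only a FQDN passes; literals and bare names are findings."""
    if is_ip_literal(argument):
        return "ehlo-address-literal"
    return "ok" if is_fqdn(argument) else "ehlo-not-fqdn"


def expected_sender_action(reply_line):
    """Map the SMTP reply class to what a well-behaved sender does next."""
    match = re.match(r"^([2-5])\d\d(?:[ -]|$)", reply_line)
    if not match:
        return "protocol-error"
    return {"2": "delivered", "3": "continue",
            "4": "retry-later", "5": "bounce-no-retry"}[match.group(1)]


def audit(session):
    """Return the list of findings for one observed delivery attempt."""
    checks = (check_mx_target(session["mx"]), check_ehlo(session["ehlo"]))
    findings = [result for result in checks if result != "ok"]
    expected = expected_sender_action(session["reply"])
    if expected in ("retry-later", "bounce-no-retry") and session["sender_did"] != expected:
        findings.append(f"ignored-{session['reply'][:3]}: expected {expected}")
    return findings


# Constructed sample sessions (documentation addresses and names, not real traffic).
SESSIONS = [
    {"mx": "mx1.example.org.", "ehlo": "mail.example.org",
     "reply": "250 2.0.0 OK", "sender_did": "delivered"},
    {"mx": "192.0.2.25", "ehlo": "localhost",
     "reply": "550 5.7.1 rejected by policy", "sender_did": "retry-later"},
    {"mx": "mx.example.net", "ehlo": "[198.51.100.7]",
     "reply": "450 4.7.1 try again later", "sender_did": "retry-later"},
]

if __name__ == "__main__":
    for s in SESSIONS:
        print(s["ehlo"], "->", audit(s) or "clean")
```

The second session trips all three checks; the third shows a sender that correctly defers on a 450 but still announces itself with an address literal.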

I can't disagree completely, but in fairness, their userbase doesn't know they are pushing this, and most ISPs (including Hotmail, Yahoo, Gmail, etc) don't have such strict requirements. That doesn't make it wrong, it just makes me wonder if it's worth some consortium suggesting that the standards are implemented by, say, 2006-01-01. Then, everyone makes it well known that on that day, you're officially in the dark if you don't have valid records.

Funny, AOL did this a long time ago. If you don't have a valid PTR record in DNS they won't take mail from you; they did that a long time ago. The RFC does not say you need it but it says you should. All people are free to choose what they are willing to accept. I hate AOL personally and professionally (wait till you get somebody forwarding mail to an AOL account and marking it as SPAM: AOL blacklists the last server in line).

Adding false-positives to their spam box would increase spam, not decrease it. And no, I don't think they check and say "oh, we were wrong 36.54% of the time, so we must have 36.54% less incoming spam!"

What is wrong with requiring valid anythings and adhering to standards? We flame Microsoft for NOT following standards, then flame AOL for following them too precisely? Where is the logic?

it may take as little as 20 to 200 people for that domain to be blacklisted.

Which is fucking overkill when the ISP being blocked has hundreds of thousands of subscribers, all of whom are blocked because of the putative actions of perhaps just one subscriber, months or years ago. And when I use webmail to get through to the few AOL.com or Netscape.com (same owners and policies), they certainly know nothing about this, and have no way to whitelist my messages. In the bounce message I'm directed to an AOL pa

If you match up the extremely determined spammers, millions of really incompetent cable modem/dsl users and the roughly 234987234745 ways to get malware onto a computer, it is no wonder that the US is #1.

What's more surprising is that ISPs have not done more to stop being the source of spam (ala blocking port 25 outbound).

Why would an ISP bother to do this? Can you think of no legitimate uses of sending email via another mail server other than the local one?

Suppose I have an account at a university that allows me to send mail from my mail client on my desktop through their mail server after I authenticate (ie: username/pass, certificate, etc). They don't particularly care about encrypting the connection, so their mail server listens on port 25 for relays of authorized email. If your ISP (since you're living off campus, or .

A complete port 25 block is a pain. Whenever I use dialup (Sympatico), I'm forced to VPN somewhere or find a SMTP on an alternate port. What I would like to see is the ability to maintain a list of SMTP servers I want to use, allowing those past the ISP's firewall.

I doubt it will happen though... I've been receiving Sober from 213.202.49.152 for almost a week now. Whois lists the ISP as quicknet.ch, and they have yet to do anything to stop it.

A cynic might suggest that Sophos is saying that more people should panic and buy its products. After all, it's not a disinterested party, is it?

As for Korea and China, Korean and Chinese fonts didn't make it into my blacklists for nothin' -- along with assorted Cyrillic alphabets. And for 0wn4ge, my office machine's SSH daemon gets probed an average of 5 times a day from around the world (a couple of probes from a Canadian machine today, a couple from Brazil, one from Hong Kong; and these are after blac

Second, if you want to cut delivery of spam down by 90% to 98% get all ISPs to implement greylisting and spamassassin and block port 25 (but provide an easy way for users to request port 25 be opened if they want to run an email server).

Third, track down the dolts that buy from spam messages and permanently take them off the Internet. If the spammers can not make money from these dolts they will have to go get a real job. (to track the d

Why is blocking port 25 a "really bad idea"? As I said block it but provide users an easy method to request that port 25 be opened. This lets the few people that want to run an MTA do so. The vast majority of people don't run MTAs or even know what the hell they are.

Secure email is a different problem than fighting spam. Using your approach will result in everyone having to either pay for a certificate or the system will have to allow self signed certificates which would defeat the purpose.

My boss asked me to put together a graph of the amount of spam we've blocked over the past 18 months. I've seen a pretty steady (other than the occasional trough or spike) increase in spam the whole time. The number increases week by week and I don't see an end in sight, unless you consider the point when my mail gateway gets overwhelmed by the amount. For 1200 email users, we're sitting at just over 150,000 blocked spams per week.

I reread the AOL story and then your reply. We're talking about two different things. I'm not looking at the spam making it through to the end users. I'm talking about the spam that I'm managing to block. The amount of spam I'm blocking continues to increase. The amount of spam I'm seeing as an end user (for me at least) is staying about the same (virtually zero).

I block mail from most of China and South Korea, the mail blocked by these rules accounts for about 80-90% of all spam blocked by the server.

Before I started blocking I saved all spam, and looking into the headers I have found that while the mail was received from a host in China or South Korea, the true origin was a host in the US, typically an IP in the range 24.0.0.0/8 which is reserved for cable users.

The origin of the spam message as in which computer sent it is somewhat trivial in the fight against spam.
I find it far more interesting that virtually all spam is about doing some sort of transaction with a US based shop.

Stopping spam would be easier if (local) authorities would go after the guys making the money selling bogus viagra and watches.
This is what happened in the Dutch example.

In other words, instead of tracking and prosecuting the one whose computer sent the message we should be going after

Why, because he points out the general Slashdot consensus that copyright violation isn't really a crime (unless it's a GPL violation which is of course worse than mass murder), yet spam is treated like the personal demon spawn of Satan? Troll or not, he makes a point.

No, he doesn't. For one thing, people generally do not moan that government should look the other way when they are copying cds. He is setting up an argument that he can refute, even if nobody ever uses that argument.

Second, he is asking "why is it". Who could ever answer that? Can the OP look into people's heads? Can I?

I'd like you to give the Slashdot community rational arguments for why copyright is a good thing. Can't do that? Well, fucking stop posting here.

What the bloody heck are you talking about? I never said it was a good thing. I'm simply pointing out the nonchalant attitude around here regarding things like mp3/movie distribution over p2p (oh come on, lots of you do it). Spam sucks, sure, but there are ways to deal with it that don't require massive government intervention. A better security mentality (p

Here is a good reason: I create the intellectual property - spending my time, money and effort. I should be able to do whatever I please with it and have it enforced in any legal manner I see fit. I should also be able to have it protected - and since I am the tiny guy working out of my garage and do not have the money to do the research or enforce such a law - I ask that the government help protect me from the big mean people who would steal my work because they are too inconsiderate to respect my hard wor

"spending my time, money and effort. I should be able to do whatever I please with it"

No. You should not be allowed to bother me with it. Yours must be the ugliest website of 2004. I should not have been exposed to it. But since I have been exposed to it, I think that entitles me to one or two things.

Your works are yours until you publish them. Then they become public property. If you don't like those rules, I suggest you mov

Correct, "theft" and "spam" mean two different things. Have a lollipop. But yes, in the sense that I can set your car on fire without stealing it isn't "theft" either. I suppose you could say that a spam-laden mail server is having "unauthorized resource usage" instead of "theft", though paying more for said resource usage can result in unauthorized money leaving one's wallet. In a sense that's theft.

"I suppose you could say that a spam-laden mail server is having "unauthorized resource usage" instead of "theft""

Using that kind of definition, any kind of inconvenience can be called theft. I'm parked in your driveway? I stole your use of it. I secretly poured Miracle-Gro on your lawn at night? I stole money by causing you to spend more on lawnmowing gas. Etc etc etc.

Or I knock up your wife, thereby "stealing" the use of her uterus/vagina from you for a period of time. Sure. And you either pay for an abortion or pay the expenses of raising a child, which is a drain on your resources (which could be "theft"). Then the little bastard breaks into my house and uploads all my music files onto his PC, but that isn't theft. Or maybe it is. I'm actually amusing myself with this analogy.

Perhaps, but then again I'm not terribly interested in the party line of an organization that does as much as they can to assimilate other people's work under their holy GNU banner (the whole "Oh, you should really call it GNU/Linux" mentality).

Why is it that when governments enforce copyright laws, people piss and moan about the other more important things they should be focusing on, but then cheer when the government focuses on something as trivial as spam?

When it's easier to imagine yourself as the victim than the villain, then the law seems just. When it's not, it doesn't.

Because the federal government shouldn't be so actively fighting on the part of for-profit organizations. The organization should do their own fighting. Beyond which, most /.ers feel the copyright laws that ARE getting enforced are ridiculous or outdated.

The government 'focusing' on spam (passing the can-spam act, not exactly focusing IMO) means to /.ers that the government who (again, many /.ers feel) do not focus on real or relevant are finally doing something that pisses off millions of the citizens th

So, now you have identified the people who think the US government should focus on catching spammers rather than filesharers, why don't you go ask them your question. Seems to me, they're the only ones who can answer it.

RTFA, the spammers aren't in America, the zombied boxes they use to relay spam are.

I usually don't look at spam anymore as my filters work quite well, but I don't recall getting more than one or two messages that were not directed at English speakers. Most of the ads seemed to be for American companies as well. Maybe the companies sending the spam are not in the U.S., but those doing the advertising certainly seem to be U.S. companies. Has this changed?

The article shows the location of the computers which send spam to legit mail servers.

In this day where most spam is sent from zombied PCs, of course the US leads... Lots of computers here, lots of always-on broadband connections... and what's the ability of our users compared to the rest of the world? US computer owners include a lot who only know how to plug in and turn on.

The number two country is Korea... Again, lots of computers and even higher penetration by broadband.

I bought one, too. Looked a lot like this [semperfimac.net].
A lot was explained when they told me that alien flesh does not decompose. Rather, the innards evaporate in Earth's atmosphere, leaving a flexible thin exoskeleton that bears a remarkable resemblance to plastic. The "Made in China" sticker does not refer to manufacture. They told me that they had to do this because at one time it was processed through an alien morgue in Shanghai. I feel very fortunate to own an act

I'm hearing that a lot of Linux newbies are running full blown sendmail servers on their home connections, and don't know how to set them up properly, so they happily allow people to anonymously relay mail through them.

Sounds like there is a serious usability issue then. Shouldn't sendmail default to a reasonable configuration? Most newbies I know change as little of the configuration as possible to get something working.

OK, this is obviously a touchy issue. Yes, the previous poster's numbers were poorly thought out. Yes, rape and sexual assault are a lot more common than is generally supposed. No, the survey he described was probably not accurate. Its questions were vague and poorly worded. "Did you have sex when you did not want to" is not equivalent to "were you raped?", nor is it equivalent to "were you sexually harassed?" I know women who had sex because they thought it would make them popular, because they wanted so

Ok. So what you're saying is that even when a woman says "Yes" it may mean "No" and if that's the case she may later bring up charges and I'll be convicted as a rapist?

The above is legally the case in only a few very specific circumstances. In some states if a woman willingly says "yes" but is in a certain age range (16-17), or is under the influence of an intoxicant, and later decides that she was taken advantage of, it can still legally be considered rape. In normal circumstances, if a woman says "ye